Location: Northbrook, IL US
Job Category: Information Technology
Description:

Where good people build rewarding careers.

Think that working in the insurance field can’t be exciting, rewarding and challenging? Think again. You’ll help us reinvent protection and retirement to improve customers’ lives. We’ll help you make an impact with our training and mentoring offerings. Here, you’ll have the opportunity to expand and apply your skills in ways you never thought possible. And you’ll have fun doing it. Join a company of individuals with hopes, plans and passions, all using and developing our talents for good, at work and in life.

Job Description

The Opportunity:
We are the Good Hands; we help people realize their hopes and dreams through products and services designed to protect them from life’s uncertainties and to prepare them for the future.  Nearly every major Allstate project has a partnership with technology – a partnership that is imperative to the success of the organization. With the company’s size and related technology scale, job opportunities and career advancement paths in IT are abundant at Allstate. In order to maintain our place at the forefront of the technological landscape, Allstate needs to hire the best and the brightest talent – is that you?   
The Role:
Manage the SOC incident handling, incident response, and forensics teams mentoring, capacity management, and incident review.  Partner with other SOC capability areas and the larger information security program to assist in incident investigation, collaboration, and communication. 

Job Description

Provide day-to-day oversight for incident handling, incident response, and forensic teams.  Review all incidents and participate in all shift turnover meetings.  Lead weekly incident review meetings with L2 and L3 incident handlers.  Manage relationship with MSSP vendor and ensure that SLAs are being met.  Maintain and enhance team training and career advancement plans.   Must be able to manage multiple priorities and projects at once.  Responsible for overall ownership of all incident handling, incident response, and forensics playbooks, procedures, and workflows.  Participate in weekly IH/IR and SIEM engineering calls to drive down false positives of SIEM content.  Serve as a subject matter expert as it pertains to the incident handling and incident response processes.  Possess a proactive mindset of always improving existing processes.  Develop and enhance team onboarding procedures.

Job Qualifications


The ideal candidate will have 10+ years incident handling and incident response experience.  They should have technical knowledge of network security, operating system security, vulnerability management, common attacker techniques and exploits, encryption, and SIEM.  They should know how to lead investigations and direct incident handlers and question the investigative process being followed.  They should have experience in writing both technical incident investigation reports as well as reports for senior leadership.  They must be able to manage multiple initiatives at once in addition to day-to-day operations.  They should have experience in managing teams of 8 or more people and providing mentorship. 
In addition, the ideal candidate must have the following knowledge / experience:
• Advanced incident investigation and response experience
• Advanced log parsing and analysis skill sets
• Advanced knowledge of networking fundamentals (TCP/IP, network layers, Ethernet, ARP, etc)
• Moderate knowledge of Windows, Unix/Linux, and Mac operating systems
• Moderate knowledge of SIEM technologies and use case design
• Moderate knowledge of malware operations and indicators
• Moderate knowledge of network defenses such as firewalls, IDS/IPS, Packet Capture, Proxies
• Moderate experience with scripting
• Moderate knowledge of forensic techniques
• Moderate knowledge of audit requirements (PCI, HIPAA, SOX, etc)
Security Certifications Preferred (Including but not limited to the following certifications):
• Certified Information Systems Security Professional (CISSP)
• Certified Incident Handler (GCIH)
• Certified Intrusion Analyst (GIAC)
• Certified Ethical Hacker (CEH)
• Certified Expert Penetration Tester (CEPT)
• Networking Certifications (CCNA, etc)
• Platform Certifications (Microsoft, Linux, Solaris, etc)

The candidate(s) offered this position will be required to submit to a background investigation, which includes a drug screen.

Good Work. Good Life. Good Hands®.

As a Fortune 100 company and industry leader, we provide a competitive salary – but that’s just the beginning. Our Total Rewards package also offers benefits like tuition assistance, medical and dental insurance, as well as a robust pension and 401(k). Plus, you’ll have access to a wide variety of programs to help you balance your work and personal life -- including a generous paid time off policy.

Learn more about life at Allstate. Connect with us on Twitter, Facebook, Instagram and LinkedIn or watch a video.

Allstate generally does not sponsor individuals for employment-based visas for this position.

Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.

For jobs in San Francisco, please see the notice regarding the San Francisco Fair Chance Ordinance.

For jobs in Los Angeles, please see the notice regarding the Los Angeles Ordinance.

It is the policy of Allstate to employ the best qualified individuals available for all jobs without regard to race, color, religion, sex, age, national origin, sexual orientation, gender identity/gender expression, disability, and citizenship status as a veteran with a disability or veteran of the Vietnam Era.
